I am having problems connecting to MySQL from Perl scripts that are run from the apache web server. These problems don't exist when running the same scripts from the command prompt. It's almost certainly not a Perl problem, but someone may have run into this problem and may be able to help.

Pertinent information:
----------------------
Mysql info - select * from mysql.user yields:
host = localhost user = root password = (none) (yes, I know I have to change this)
host = % user = apache password = 77ddghws8w...
host = localhost user = apache password = (none)
host = 127.0.0.1 user = apache password = (none)

Apache httpd.conf, section 2 has:
User apache
Group apache
ServerName localhost
<Directory "/usr/www/loader/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny ( I think this makes everything very liberal)
Allow from all
</Directory>

There is no (apparent) mysql.cnf file in the system

Observed Behaviour:
-------------------
mysql (from root) ==> mysql> and behaves appropriately (e.g. use mysql is allowed, use mydb is also OK, and can select from mydb.mytable)
mysql -u apache ==> mysql> and behaves appropriately (e.g. use mysql is denied but use mydb is ok, also can select from mydb.mytable)
in the perl script:
if ( $dbh = DBI->connect("DBI:mysql:$INI{DBname}",$INI{DBuser},$INI{DBpass}) )
where $INI{DBuser} = 'root' and $INI{DBpass} is null
==>
if executed from command prompt ==> displays DB information (i.e. evaluates as true)
if executed from web browser ==> evaluates as false

script $who=`whoami`; print "$who"; ==> reports "apache" as the user, therefore:

if ( $dbh = DBI->connect("DBI:mysql:$INI{DBname}",$INI{DBuser},$INI{DBpass}) )
where $INI{DBuser} = 'apache' and $INI{DBpass} is (the login password for apache)
==>
if executed from command prompt ==> displays DB information (i.e. evaluates as true)
if executed from web browser ==> evaluates as false

the same is true if password is left blank
the same result if the $who variable is used instead of $INI{DBuser}

Observation: Users that can connect to mysql from the command prompt and scripts run from the command prompt can access the MySQL databases, whereas those run from the apache web server cannot connect.

Presumption: The error that is being generated by the DBI->connect() statement is a MySQL error, not a system error. The $@ variable is null in this case.

Thoughts:
----------
It should not be a linux permissions issue: we are asking a process to access ITS files (dbs). It demonstrates the ability to do so from the command prompt and from the script run from a command prompt.

It can't be that mysql "rescues" a bad login from prompt(in this case mysql -u apache) by substituting the user from which it was executed, because an apache login bombed when trying to "use mysql", so mysql clearly believed the user was "apache".

It is not a MySQL password issue, as shown by the fact that command prompt "mysql -u apache" works, as does the execution of a script from the command prompt even though it has no password in the DBI->connect() statement.

The password being blank for apache from the command prompt did not matter. This means that the user table is using one of the more specific apache@localhost or apache@'127.0.0.1' entries rather than the general apache@% This further implies that a login into MySQL with user name "apache" and no password should work.

Is it only the user table that allows access? Per the MySQL documentation 6.9: "The user table scope fields determine whether to allow or reject incoming connections.", so it would appear so.

Is this access based on the logged in user (in this case "apache" from whe web server) or is it based on the information supplied to the DBI->connect() statement? The incoming CGI request is user system user apache (as shown by the 'whoami' in the script. Additionaly the specified user is apache (in the DBI->connect() statement). Since both are "apache" and a password is (presumably) not required ...?

Stumped!

In reply to Perl Script connecting to Mysql works from command prompt, not from Apache by gary kuipers

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.